Attacking Microsoft Azure
Written by a senior penetration tester, Attacking Microsoft Azure will teach you how to launch cloud-focused penetration tests and simultaneously attack on-premise environments, giving you the full scope of your target’s vulnerabilities. Matt Burrough explains the components of Azure, identifies common security issues in cloud deployments, and explains how penetration testers can exploit them.
You’ll learn how to:
- Gain access by circumventing two-factor authentication and stealing management certificates from developer machines
- Make sense of Azure’s services by using PowerShell commands to find IP addresses, administrative users, and firewall rules
- Exploit Azure’s storage model and recover storage keys
- Attack virtual machines and acquire passwords, binaries, code, and settings files
- Compromise networks by modifying firewall rules
- Attack specialized services like Azure Key Vault and Azure Websites
- Know when you might be caught by viewing logs and security events
Packed with real-world examples from the author’s experience as a corporate penetration tester, sample scripts from attacks, and “Defenders Tips” that explain how companies can reduce risk, Attacking Microsoft Azure provides a clear overview of Azure’s vulnerabilities and how to take advantage of them.